[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: IPSec vs. SSL

To: "Steven M. Bellovin" <smb@research.att.com>
Subject: Re: Fw: IPSec vs. SSL
From: Joel M Snyder <Joel.Snyder@Opus1.COM>
Date: Tue, 19 Dec 2000 08:28:18 -0700 (MST)
Cc: Paul Heber <pheber@qantas.com.au>, Henry Spencer <henry@spsystems.net>, ipsec@lists.tislabs.com
Comments: Telecommunications and Information Technology Services
Fruit-of-the-day: Buni
In-reply-to: "Your message dated Mon, 18 Dec 2000 21:48:35 -0500"<20001219024836.136D035DC2@smb.research.att.com>
Organization: Opus One - +1 520 324 0494
Sender: owner-ipsec@lists.tislabs.com


>To me, the difference is ease of deployment versus scope of protection.
>SSL is easier to deploy, because it lives solely at user level.  It
>does not need any kernel mods, source code, etc., and is reasonably
>portable between operating systems.

>On the other hand, with SSL you have to secure one application at a
>time.    You can't protect entire subnets.  There are trivial
>denial of service attacks by active attackers; they simply need to
>inject a single TCP packet.  And there's no way to protect UDP.

I agree that those are the main and key issues.  
There are two other problems with SSL that I bring up in my class (warning
students that these are largely "academic" issues):

1) The key generation in SSL is done by one party, not two, and therefore
defects in implementation (such as Netscape had) have especially large effects;
with IPSEC, the two parties both contribute equally to key generation which
would tend to mitigate these effects (perhaps). 

2) The secrecy of an SSL conversation is dependent on the private key of the
server (assuming one-way authentication) being FOREVER kept secret; if the
private key is exposed, then all old "taped" SSL conversations can be played
back and decoded; with IPSEC, the encryption key could be compromised, but in
practice such keys are unlikely to be in some persistent storage.  Ergo, if I
broke into a web server and grabbed the private key, all conversations would be
exposed to me.  Quick question: how often when a web server is "defaced" do you
think the owners think to generate new private keys? 

jms


Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 x101 (v) +1 520 324 0495 (FAX)  
jms@Opus1.COM    http://www.opus1.com/jms    Opus One

References:

Re: Fw: IPSec vs. SSL

From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: RE: MODP groups draft concern
Next by Date: Re: Fw: IPSec vs. SSL
Prev by thread: Re: Fw: IPSec vs. SSL
Next by thread: Re: Fw: IPSec vs. SSL
Index(es):
- Main
- Thread